[RFC PATCH v2 0/8] ATF and OP-TEE Firewalling for K3 devices.

Tue, 26 Sep 2023 00:58:54 -0700 

K3 devices have firewalls that are used to prevent illegal accesses to
memory regions that are deemed secure. The series prevents the illegal
accesses to ATF and OP-TEE regions that are present in different K3
devices. 

AM62AX and AM64X are currently in hold due to some firewall
configurations that our System Controller (TIFS) needs to handle. 

Signed-off-by: Manorit Chawdhry <m-chawd...@ti.com>
---
Changes in v2:

Andrew:
    - Make the firewall DTS more readable with CONSTANTS

Neha:
    - Move GetHexOctet to dtoc for common usage
    - Update the documentation in ti-secure
    - s/indentifier/identifier/
    - Add firewall binman test

- Remove slave firewall multiple background regions
  ( Single firewall region works fine )
- Add a check in the subnodes to check for the node.name 'firewall'
- Change firewall indexing with id and region number so that it is easy
  to purge out firewalls and we don't need to redo the numbering.
- Add information for all the firewalls.
- Link to v1: 
https://lore.kernel.org/u-boot/20230905-binman-firewalling-v1-0-3894520bf...@ti.com/

---
Manorit Chawdhry (8):
      dtoc: openssl: Add GetHexOctet method
      binman: ti-secure: Add support for firewalling entities
      binman: ftest: Add test for ti-secure firewall node
      binman: k3: add k3-security.h and include it in k3-binman.dtsi
      binman: j721e: Add firewall configurations for atf
      binman: am62x: Add firewalling configurations
      binman: j721s2: Add firewall configurations
      binman: j7200: Add firewall configurations

 arch/arm/dts/k3-am625-sk-binman.dtsi         |  49 +++++++
 arch/arm/dts/k3-binman.dtsi                  |   2 +
 arch/arm/dts/k3-j7200-binman.dtsi            | 137 ++++++++++++++++++
 arch/arm/dts/k3-j721e-binman.dtsi            | 183 ++++++++++++++++++++++++
 arch/arm/dts/k3-j721s2-binman.dtsi           | 206 +++++++++++++++++++++++++++
 arch/arm/dts/k3-security.h                   |  58 ++++++++
 tools/binman/btool/openssl.py                |  16 ++-
 tools/binman/etype/ti_secure.py              |  85 +++++++++++
 tools/binman/etype/x509_cert.py              |   3 +-
 tools/binman/ftest.py                        |  12 ++
 tools/binman/test/311_ti_secure_firewall.dts |  28 ++++
 tools/dtoc/fdt_util.py                       |  20 +++
 12 files changed, 796 insertions(+), 3 deletions(-)
---
base-commit: 2fe4b54556ea6271237b35de68dc458bfceab94c
change-id: 20230724-binman-firewalling-65ecdb23ec0a

Best regards,
-- 
Manorit Chawdhry <m-chawd...@ti.com>

Reply via email to